9.8
CVE-2026-48691: FastNetMon Community Edition BGP Data Overflow
CVE-2026-48691
Summary
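FastNetMon Community Edition has an integer overflow in its BGP AS_PATH attribute encoder: when an announcement carries a long AS path, a length value is truncated and more data is written than the buffer was sized for. This can lead to data corruption or crashes. Update to the latest version to fix this issue.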
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| pavel-odintsov | fastnetmon | <= 1.2.9 (`cpe:2.3:a:pavel-odintsov:fastnetmon:*:*:*:*:community:*:*:*`) |
Original title
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes at...
Original description
FastNetMon Community Edition through 1.2.9 contains an integer overflow in the BGP AS_PATH attribute encoder. In src/bgp_protocol.hpp, the IPv4UnicastAnnounce::get_attributes() function computes attribute_length as 'sizeof(bgp_as_path_segment_element_t) + this->as_path_asns.size() * sizeof(uint32_t)' and stores it in a uint8_t field (lines 600-605). Since uint8_t can only hold values 0-255, an AS_PATH containing more than 63 ASNs (2 + 64*4 = 258 > 255) causes silent truncation. The truncated length is used for buffer sizing, while the actual data written is the full untruncated amount, resulting in a heap buffer overflow. Similarly, the path_segment_length field at line 621 is also uint8_t, truncating with more than 255 ASNs.
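The length arithmetic from the description, next to a range-checked variant, as an added example (not FastNetMon's own code). The `segment_header_t` struct and all function names are hypothetical; the 2-byte header size is taken from the description's `2 + 64*4` figure.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <optional>
#include <vector>

// Hypothetical stand-in for the 2-byte header the description calls
// bgp_as_path_segment_element_t (assumed layout: segment type + ASN count).
struct segment_header_t {
    uint8_t segment_type;
    uint8_t segment_length;
};
static_assert(sizeof(segment_header_t) == 2, "header must be 2 bytes");

// Real number of bytes an encoder writes for one AS_PATH segment.
size_t as_path_bytes(size_t asn_count) {
    return sizeof(segment_header_t) + asn_count * sizeof(uint32_t);
}

// Pattern from the description: a size_t result narrowed into a uint8_t field.
uint8_t truncated_attribute_length(size_t asn_count) {
    return static_cast<uint8_t>(as_path_bytes(asn_count));
}

// Gap between the bytes actually written and the length the field declares.
size_t length_mismatch(size_t asn_count) {
    return as_path_bytes(asn_count) - truncated_attribute_length(asn_count);
}

// Checked variant: refuse to encode when a one-octet field cannot hold the value.
std::optional<uint8_t> checked_attribute_length(const std::vector<uint32_t>& asns) {
    constexpr size_t kMax = std::numeric_limits<uint8_t>::max();
    if (asns.size() > kMax) return std::nullopt;   // path_segment_length field
    const size_t total = as_path_bytes(asns.size());
    if (total > kMax) return std::nullopt;         // attribute_length field
    return static_cast<uint8_t>(total);
}
```

With 63 ASNs the length is 254 and fits; with 64 the stored value wraps to 2 while 258 bytes are produced, which is the mismatch the checked variant rejects.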
Vulnerability type
CWE-190: Integer Overflow
CWE-122: Heap-based Buffer Overflow
Published: 26 May 2026 · Updated: 28 May 2026 · First seen: 26 May 2026